Snowden Docs: CIA Tries to Hack Into iPhones, iPads

New documents leaked by former NSA contractor Edward Snowden reveal that the CIA has made hacking into Apple’s iPhones and iPads a priority. (Vincent Lee/Flickr/Creative Commons photo)

Top-secret documents leaked by former National Security Agency (NSA) contractor Edward Snowden expose the Central Intelligence Agency’s (CIA) role in trying to crack the security protocols of Apple’s iPhones and iPads as part of the federal government’s overall clandestine surveillance initiatives.

The documents provided to The Intercept by Edward Snowden do not indicate whether intelligence agents have been successful in cracking Apple’s encryption systems, and they do not reveal whether agents have employed any such techniques in intelligence gathering.

But analysts with the federal government’s intelligence agencies have a strong interest in picking the secure locks of Apple devices in order to steal data stored on iPhones and iPads.

The documents reveal agents have managed to gain access to certain parts of Apple’s mobile ecosystem through exploits made public — most of which are later fixed, or “patched,” by the computer company — as well as through modifications to Xcode, the platform Apple offers to hundreds of thousands of software developers for the creation and deployment of “apps” on Apple’s phones, tablets and computers.

At a secret security conference held in Herndon, Va., three years ago, government researchers boasted about their ability to compromise parts of Xcode that granted agents the ability to install so-called “backdoor” mechanisms as well as to force programs on Apple phones and computers to relay data to a digital “listening post,” The Intercept said.

Analysts also discussed ways to extract certain encryption keys from Apple products — specifically, a single encryption key known as a “Group ID” that Apple implants on the processor of all its phones and tablets. If compromised, the Group ID key would grant agents access to encrypted areas of the firmware — or permanent operating software — of a specific range of Apple devices.

Apple changes the Group ID key when it releases new hardware, and the CIA has made it a priority to extract that particular key in order to look for security vulnerabilities in Apple’s hardware, The Intercept reported.

Since reports based on the Snowden documents were first published in mid-2013, Apple has insisted it does not collude with intelligence agencies to compromise the data or hardware of its customers. Tim Cook, Apple’s chief executive, has criticized the U.S. government and its partners for their clandestine collection of personal data belonging to millions of computer users.

But just how much the government collects from Apple users has yet to be fully understood. More than two years after the initial set of Snowden-based reports, programs and once-confidential documents are still being leaked to the public. The latest revelation by The Intercept is just one of many in which Apple customers have found themselves targeted by government agencies that are on a crusade to collect it all — even if such collection is in breach of domestic or international law.

“If I were Tim Cook, I’d be furious,” remarked Christopher Soghoian, the senior policy analyst for the American Civil Liberties Union (ACLU). “If Apple is mad at the intelligence community, and they should be, they should put their lawyers to work.”

At least one group has put their lawyers to work. Earlier this week, the Wikimedia Foundation announced it had filed a lawsuit against the NSA over its dragnet surveillance programs exposed by Snowden, alleging such programs constituted a violation of U.S. law and an infringement on the constitutionally protected right to free speech.

In its lawsuit, the foundation — which runs Wikipedia, Wikinews and other community-oriented websites — said the NSA’s “upstream” collection of Internet traffic was a violation of the First and Fourth Amendments, the latter protecting against unwarranted search and seizure.

“By tapping the backbone of the Internet, the NSA is straining the backbone of democracy,” Wikimedia Foundation executive Lila Tretikov said. “Wikipedia is founded on the freedoms of expression, inquiry, and information. By violating our users’ privacy, the NSA is threatening the intellectual freedom that is central to people’s ability to create and understand knowledge.”

Wikipedia was one of several websites whose logo appeared in a leaked NSA slide detailing a bulk Internet collection program. The website is joined in its lawsuit by Human Rights Watch, Amnesty International and a handful of other civil liberties and human rights groups.